Ben Laurie blathering

CardSpace and the Seven Laws (again)

At this OECD workshop on identity management, Fred Carter, of the Office of the Information and Privacy Commissioner, Ontario, spoke on “Functional Requirements for Privacy Enhancing Systems”. At one point he listed privacy protecting identity management systems, which he broadly defined as those following Kim’s seven laws. The list was short, just PRIME and Credentica … note the absence of CardSpace. So, I just had to ask: “does this mean that you believe CardSpace does not obey the seven laws?”. His reply? “Yes”.

Chris Bunio, a Senior Architect for Microsoft, was present. He did not dispute the claim.


  1. Ben, thanks for flagging that one.

    The question was one of opinion and I did not feel it was the right audience to go through the complete analysis of Cardspace and compliance with the Laws.

    Fred expressed a strong backing for the Laws and given the OECD is a policy based group the discussion was focused at the correct topic, the Laws and privacy, and not the in-market implementations.


    Comment by Chris Bunio — 10 May 2007 @ 18:11

  2. Can you elaborate? I’d like to know which laws are not adhered to.

    Comment by Daniel Bartholomew — 11 May 2007 @ 2:25

RSS feed for comments on this post.

Sorry, the comment form is closed at this time.

Powered by WordPress